President Bush's proposed $2.57 trillion
federal budget for Fiscal Year 2006 greatly increases the
amount of money spent on surveillance technology and programs
while cutting about
150 programs—most of them from the Department of Education.
EPIC's "Spotlight
on Surveillance" project scrutinizes these surveillance programs.

[click
to view full PDF graphic]

Airport security has undergone significant changes since the
terrorist attacks of Sept. 11, 2001. Recently, the Transportation Security
Administration (TSA) announced a proposal to purchase and deploy "backscatter" X-ray
machines to search air travelers at select airports. TSA said it believes
that use of the machines is less invasive than pat-down searches. However,
these machines, which show detailed images of a person's naked body,
are equivalent to a "virtual strip search" for all air travelers.
This proposal, along with the agency's controversial plan to profile
air travelers, shows extraordinary disregard for the privacy rights
of air travelers. The Department of Homeland Security is requesting $72 million
to invest in detection systems, which includes funding for the backscatter
machines, which cost between $100,000 and $200,000 each. 1

Airports
Where Backscatter Machines Will Be or Currently Are Used:

Baltimore/Washington

Dallas/Fort Worth

Jacksonville, Fla.

Phoenix

San Francisco

London's Heathrow

Source: Media reports

The backscatter machines use high-energy X-rays that are more likely
to scatter than penetrate materials as compared to lower-energy X-rays used
in medical
applications.2 Although this type of X-ray
is said to be harmless, it can move through other materials, such
as clothing. When being screened, a passenger is scanned by high-energy X-ray
beam moving
rapidly over her body. The signal strength of detected backscattered
X-rays from a known position then allows a highly realistic image to be reconstructed.
In the case of airline-passenger screening, the image is of the traveler's
nude form. The image resolution of the technology is high, so the
picture of the body presented to screeners is detailed enough to show genitalia.3 These
images are not necessarily temporary  screeners can save the body images
to the system's hard disk or floppy disk for subsequent viewing on either "the
system monitor or on any IBM compatible personal computer with color
graphics."4

[click
to view full PDF graphic]

Two major vendors produce backscatter machines for security purposes.
American Science and Engineering (AS&E) offers "Z Backscatter" products,
including its "BodySearch" device for scanning humans.5 Rapiscan
Systems, a division of OSI Systems, offers the Rapiscan Secure 1000, the
X-ray machine that TSA is using to search air passengers. 6

The X-ray machines have been used at 12 U.S. airports to search air travelers
that U.S. Customs agents suspect are carrying illegal drugs.7 They
have also been used to search air passengers at London's Heathrow airport.
TSA has not formally announced when or where the backscatter machines will
be used to screen regular air travelers.8 However,
media reports have revealed some of the airports where the machines will
be or currently are being used. The airports are: Baltimore/Washington;
Dallas/Fort Worth, Jacksonville, Fla.; Phoenix, and San Francisco.9 Other
airports where TSA is also considering using the backscatter machines are:
Atlanta; Boston; Chicago O'Hare; Gulfport, Miss.; Kansas City; Las Vegas;
Los Angeles; Miami; Minneapolis/St Paul; New York JFK, and Tampa.10

Airports
That May Use Backscatter Machines:

Atlanta

Boston

Chicago O'Hare

Gulfport, Miss.

Kansas City

Las Vegas

Los Angeles

Miami

Minneapolis/St Paul

New York JFK

Tampa

Source: Media reports

As the government has quietly deployed the scanners, there have been
numerous questions about the privacy risks arising from the use of this
technology.11 For all practical purposes,
this X-ray machine would compel millions of airline travelers to submit
themselves to a level of bodily exposure that almost everyone would consider
indecent and many might find religiously or ethically offensive. AS&E
executive Richard Mastronardi, discussing the images, said "[Y]ou
can see the threats, but you can also see quite a bit of people's
anatomy."12 TSA Security Laboratory
Director Susan Hallowell, who was a test subject to demonstrate the technology
in 2003, said that backscatter "makes you look fat and naked." 13 The
level of detail uncovered akin to a disrobing in public: the images seen
by the screeners reveal the outlines of nipples and genitalia.

Yet for all the detailed information the technology discerns, its utility
appears to be limited. Keeping the radiation dose low enough to skim the
skin's surface means that backscatter cannot detect weapons hidden
in body folds.14 Nor is the technology
the functional equivalent of a body cavity search.15 More
importantly, low-dose backscatter x-ray does nothing to eradicate the
risk of explosives and other contraband being brought aboard aircraft
in carry-on or other baggage, for which Rapiscan technology is ineffective.16 Moreover,
the likelihood of actually detecting materials that would not otherwise
be found by routine screening, a magnometer, or physical inspection is
so small when compared with the undressing of all air passengers, including
young children, that many legal systems would consider the search to be
disproportionate and overly invasive.

A capacity for public viewing, storage, and recall of the images raises
special implications for many groups, including children and women. Many
female passengers have complained to the FAA about "what amounts
to sexual abuse " when they were made to submit to pat-down searches.17

Still, manufacturers and other advocates say that backscatter scanning
could replace pat-down searches.18 Rapiscan
said that, given the choice between a pat-down and the backscatter imaging,
most people prefer the latter.19 However,
at Orlando International Airport, at least 25% of passengers refused to
submit to the scanning after viewing a sample image.20 Although
Department of Homeland Security Secretary Michael Chertoff recently said
such "hand-wringing" has delayed widespread backscatter deployment,
U.S. travelers aren't the only ones hesitating. Passengers at London's
Heathrow Airport expressed surprise and embarrassment upon viewing their
Rapiscan images, and a Heathrow spokesman refused to disclose whether
passengers preferred the scanning to a hand search. 21

The risks to privacy rights can be lowered only slightly with some modifications
to TSA's current X-ray machine program. The agency could tailor the
backscatter technology with the digital equivalent of a "fig leaf."22 As
recently as November, the British press reported that the TSA did not
intend to deploy the scanner until manufacturers had made such modifications.23 Whether
the agency will modify the scanners before they are used at the 16 airport
test sites is uncertain. Also, to limit exposure to public view, the screeners
and their monitors could be placed in private booths, thus preventing
the general public from viewing the detailed images.24 But
even this technique leaves open the question of whether the original unedited
image is obtained and stored by scanning device, whether or not it is
available to a screener at a particular point in time.

TSA is asking for funding for these costly, privacy-invasive machines
despite its history of showing little regard for the privacy rights of
individuals. Passengers have often complained about the agency's
poor redress procedures, for example its no-fly watch lists. The Government
Accountability Office (GAO) and the Department of Homeland Security Inspector
General in March released reports that were critical of the Transportation
Security Administration.25 These
reports highlight the agency's failures concerning privacy rights,
transparency, and redress procedures.

The GAO's March report examined the Transportation Security Administration
measures for testing the use of commercial data within Secure
Flight, the agency's passenger prescreening program currently under
development. The GAO was unable to assess, among other things,
the effectiveness of
the system, the accuracy of intelligence data that will determine
whether passengers may fly, safeguards to protect passenger privacy,
and the adequacy
of redress for passengers who are improperly flagged by Secure
Flight. 26

The recently enacted Intelligence
Reform and Terrorism Prevention Act of 2004 directed TSA to create a system
for travelers to
correct inaccurate information
that has caused their names to be added to the no-fly list.27 TSA
maintains that it has an adequate redress process to clear individuals improperly
flagged by watch lists; however, it is well known that individuals encounter
great difficulty in resolving such problems. Senators Ted Kennedy (D-MA) and
Don Young (R-AK) are among the individuals who have been improperly flagged by
watch lists.28 Sen. Kennedy was able to
resolve the situation only by enlisting the help then-Homeland Security Secretary
Tom Ridge; unfortunately, most people do not have that option.

Also in March,
the Department of Homeland Security Inspector General issued findings
on TSA's role in collecting and disseminating airline passenger data to
third party agencies and companies. The report revealed that the agency has been
involved in 14 transfers of data involving more than 12 million passenger records.29 The
Inspector General found, among other things, that "TSA did not consistently
apply privacy protections in the course of its involvement in airline passenger
data transfers."30 Furthermore, TSA
did not accurately represent to the public the scope of its passenger data
collection and use.31

The Inspector General's critical
report comes almost a year after the agency's
admission that it had acted improperly with regard to passenger data collection
and use. In June 2004 then-TSA Acting Administrator Admiral David Stone admitted
to the Senate Governmental Affairs Committee that in 2002 TSA facilitated the
transfer of passenger data from American Airlines, Continental Airlines, Delta
Airlines, America West Airlines, Frontier Airlines, and JetBlue Airways to TSA "cooperative
agreement recipients" for purposes of CAPPS II testing, as well as to
the Secret Service and IBM for other purposes.32 Stone's
admission followed repeated denials to the public, Congress, GAO, and Department
of Homeland Security Privacy Office that TSA had acquired or used real passenger
data to test CAPPS II.33

The government
also uses backscatter technology to conduct searches for purposes unrelated
to aviation security. AS&E stated that the technology is used in
more than 30 federal agencies, including the Capitol Police and the Department
of State, the latter of which uses backscatter technology at overseas embassies.34 The
company said that the Department of Homeland Security uses its backscatter
vans—whose imaging technology exposes the contents of passing vehicles and
can
be operated remotely—for "counterterrorism applications."35 Backscatter
devices are reportedly in use in American prisons.36

Backscatter
technology enables a virtual strip search that produces detailed naked images
of individuals, including females and young children. The technology
provides little additional security beyond other screening techniques, including
magnometers, physical examination, and baggage inspection. It is an extraordinarily
invasive technique that is disproportionate to its use. Future funding of this
program should be suspended.

8 The agency
has refused to formally acknowledge the names of the airports where
backscatter machines are currently being tested. Joe Sharkey, Airport
Screeners Could Get X-Rated X-Ray Views, NY Times, May 24, 2005,
at C5.

25 Government
Accountability Office, Secure Flight Development and Testing Under
Way, but Risks Should Be Managed as System Is Further Developed, GAO-05-356
(March 2005) (hereinafter "GAO Report"). Department of Homeland
Security Inspector General, Review of the Transportation Security
Administration's Role in the Use and Dissemination of Airline Passenger
Data (Redacted), OIG-05-12 (March 2005) ("OIG Report").

33See, e.g., Ryan
Singel, More False Information From TSA, Wired News, June 23,
2004 ("After the JetBlue transfer was brought to public attention
in September 2003, TSA spokesman Brian Turmail told Wired News that
the TSA had never used passenger records for testing CAPPS II, nor had
it provided records to its contractors. In September 2003, Wired News
asked TSA spokesman Nico Melendez whether the TSA's four contractors
had used real passenger records to test and develop their systems. Melendez
denied it, saying, We have only used dummy data to this point.' "); U.S.
Representative John Mica (R-FL) Holds Hearing on Airline Passenger Profiling
Proposal: Hearing Before the Aviation Subcomm. of the House Transportation
and Infrastructure Comm., 105th Cong. (March 2004) (Admiral Stone
testifying that CAPPS II testing was likely to begin in June 2004);
GAO Report at 17 ("TSA has only used 32 simulated passenger records  created
by TSA from the itineraries of its employees and contractor staff who
volunteered to provide the data  to conduct [CAPPS II] testing");
Department of Homeland Security Privacy Office, Report to the Public
on Events Surrounding jetBlue Data Transfer (Feb. 2004) 8 ("At
this time, there is no evidence that CAPPS II testing has taken place
using passenger data").

34Hearing
on Deployment and Use of Security Technology before the House Subcommittee
on Aviation, 107th Congress (2001).